CVE-2023-24215
Description
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NOVUS AirGate 4G firmware v1.1.16 has an unauthenticated access control bug in /uci/get/ that leaks admin credentials.
Vulnerability
An incorrect access control vulnerability exists in the /uci/get/ endpoint of NOVUS AirGate 4G firmware version v1.1.16 [2]. The endpoint does not properly restrict access to sensitive functionality, allowing an unauthenticated attacker to retrieve administrator credentials via a crafted POST request [2]. This affects only firmware v1.1.16 of the AirGate 4G product [2].
Exploitation
An attacker can exploit this vulnerability over the network without any authentication or user interaction [2]. The attack vector is remote, and the required complexity is low [2]. The attacker crafts a POST request to the /uci/get/ endpoint, which then returns the administrator credentials to the attacker [1][2].
Impact
Successful exploitation allows an attacker to obtain the device's administrator credentials [2]. With these credentials, the attacker can gain full administrative access to the device, modify its configuration, and potentially compromise the security of the network where the device is deployed [2]. The impact includes both confidentiality and integrity loss [2].
Mitigation
According to the available references, NOVUS has not released an official patch or fixed version [1][2]. The affected firmware version v1.1.16 remains vulnerable. Users should monitor vendor advisories for a security update and, if possible, restrict network access to the device's management interface as a workaround until a fix is available.
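To check whether the workaround is holding, the following added example (not from NOVUS or from this CVE record) scans access logs for POST requests to /uci/get/ that come from outside a management allowlist. It assumes a reverse proxy in front of the device writing Common Log Format; the allowlist subnet and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumption: a reverse proxy in front of the management interface writes
# Common/Combined Log Format. The device's own log format is not described
# on this page.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: the only hosts permitted to reach the management interface.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/28")]
SENSITIVE_PATH = "/uci/get"  # endpoint named in the CVE description


def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is treated as untrusted
    return any(addr in net for net in MGMT_ALLOWLIST)


def find_suspect_requests(lines):
    """Return (timestamp, source, status) for POSTs to /uci/get/ from non-allowlisted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and collapse repeated slashes before comparing.
        path = re.sub(r"/{2,}", "/", m["path"].split("?", 1)[0])
        if path == SENSITIVE_PATH or path.startswith(SENSITIVE_PATH + "/"):
            if not is_allowed(m["src"]):
                hits.append((m["ts"], m["src"], int(m["status"])))
    return hits


# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [12/Mar/2023:09:14:02 +0000] "POST /uci/get/ HTTP/1.1" 200 412',
    '203.0.113.77 - - [12/Mar/2023:09:15:40 +0000] "POST /uci/get/ HTTP/1.1" 200 398',
    '203.0.113.77 - - [12/Mar/2023:09:15:41 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Mar/2023:10:02:11 +0000] "POST //uci/get HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ts, src, status in find_suspect_requests(SAMPLE_LOG):
        print(f"{ts} {src} -> HTTP {status}")
```

A 200 status for a non-allowlisted source means the response may have carried the administrator credentials, so that password should be treated as exposed; a 403 shows the access restriction blocked the request.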
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.